Mempodipper is a great Exploit that uses a Vulnerability found on ALL Linux kernels >=2.6.39 that haven’t been Patched, yet!
Extract from the Official Blog:
Mempodipper is an exploit for CVE-2012-0056. /proc/pid/mem is an interface for reading and writing, directly, process memory by seeking around with the same addresses as the process’s virtual memory space. In 2.6.39, the protections against unauthorized access to /proc/pid/mem were deemed sufficient, and so the prior #ifdef that prevented write support for writing to arbitrary process memory was removed. Anyone with the correct permissions could write to process memory. It turns out, of course, that the permissions checking was done poorly. This means that all Linux kernels >=2.6.39 are vulnerable, up until the fix commit for it a couple days ago. Let’s take the old kernel code step by step and learn what’s the matter with it.
We highly suggest you read more about Mempodipper here: http://blog.zx2c4.com/749
The Source-Code of Mempodipper: http://git.zx2c4.com/CVE-2012-0056/tree/mempodipper.c
To use it:
1. Paste the Source in a File
2. Save it as “mempodipper.c”
3. Compile using: “gcc mempodipper.c -o mempodipper”
4. Execute like this: ” ./mempodipper”